New Zealand and Australian small to medium sized businesses are in need of a wakeup call after recording the highest rate globally of reported ransomware attacks.

According to a new survey from Datto, ransomware remains the most common cyber threat to SMBs, with 56% of managed services providers reporting attacks against their SMB clients in the first half of 2019 alone. In Australia and New Zealand, 91% of MSPs report attacks against SMBs in the last two years, the highest rate globally.

The fourth annual Global State of the Channel Ransomware Report surveyed more than 1,400 MSP decision makers that manage the IT systems for SMBs, and found number of ransomware attacks against SMBs is on the rise.

Eighty-five percent of MSPs reported attacks against SMBs over the last two years, compared to 79% of MSPs who reported the same in 2018.

"It is no surprise that the frequency and sophistication of ransomware attacks against SMBs in Australia and New Zealand is on the rise, but recording the highest rate globally of reported attacks in this region is a wakeup call for SMBs,” say James Bergl, regional director, APAC Datto.

“We understand that the cost of downtime that can cripple an SMB, as such we work closely with our MSPs to take a proactive approach to delivering tailored cybersecurity solutions for small and medium businesses," he says.

The survey shows there is a disconnect exists on the significance of ransomware as a threat. Eighty-nine percent of MSPs report that SMBs should be very concerned about the threat of ransomware. However, only 28% of MSPs report SMBs are very concerned about the threat.

The cost of ransomware is significant, Datto says. Sixty-four percent of MSPs report experiencing a loss of business productivity for their SMB clients while 45% report business-threatening downtime. The average cost of that downtime is US$141,000, a more than 200 percent increase over last year’s average downtime cost of US$46,800. The report also uncovered that the cost of downtime is now 23 times greater than the average ransom request of US$5,900.

Datto says one of the most basic and effective controls when it comes to ransomware preparation is being underutilised. MSPs report enabling 2FA on only 60% of email clients and 61 percent of password managers, despite the fact that the majority of MSPs (67%) claim phishing emails are the leading cause of ransomware breaches at SMBs.

Business continuity and disaster recovery (BCDR) solutions have continued to prove to be the most effective in lessening the impact of a ransomware attack, the survey says. Ninety-two percent of MSPs report that their clients with BCDR solutions in place are less likely to experience significant downtime during an attack. In addition, four out of five MSPs state victimised clients with BCDR tools in place recovered from an attack in 24 hours or less, while less than one in five MSP clients without BCDR were able to do the same.